Allow PG env vars in production preflight

scripts/check-production-env.mjs

@@ -5,7 +5,6 @@ const required = [
   "ADMIN_SESSION_SECRET",
   "MERCHANT_SESSION_SECRET",
   "INTEGRATION_WEBHOOK_SECRET",
-  "DATABASE_URL",
   "MQTT_BROKER_URL",
   "MQTT_USERNAME",
   "MQTT_PASSWORD",
@@ -33,6 +32,13 @@ for (const name of required) {
   }
 }
 
+const pgVars = ["PGHOST", "PGPORT", "PGUSER", "PGPASSWORD", "PGDATABASE"];
+const hasDatabaseUrl = Boolean(process.env.DATABASE_URL);
+const missingPgVars = pgVars.filter((name) => !process.env[name]);
+if (!hasDatabaseUrl && missingPgVars.length) {
+  errors.push(`DATABASE_URL or ${pgVars.join("/")} is required`);
+}
+
 for (const [name, value] of insecureDefaults.entries()) {
   if (name === "ADMIN_TOKEN" && process.env.ADMIN_AUTH_ALLOW_LEGACY_TOKEN === "false") {
     continue;
@@ -89,6 +95,10 @@ if (process.env.DATABASE_URL && !/^postgres(ql)?:\/\//.test(process.env.DATABASE
   errors.push("DATABASE_URL must be a postgres connection string");
 }
 
+if (!process.env.DATABASE_URL && process.env.PGPORT && !Number.isInteger(Number(process.env.PGPORT))) {
+  errors.push("PGPORT must be a number");
+}
+
 if (process.env.MQTT_BROKER_URL && !/^mqtts:\/\//.test(process.env.MQTT_BROKER_URL)) {
   warnings.push("MQTT_BROKER_URL should use mqtts:// for production");
 }